@openssl.org
Subject: Re: [openssl-users] HMAC-MD5 OpenSSL 1.0.1e and FIPS 2.0.7
NIST addresses TLS 1.0-1.2 KDFs in SP 800-135rev1. For 140-2 validation the KDF
would be tested via NIST's ASKDFVS. For those riding on the shirttails of
#1747, note that the TLS KDF component is implemented in the
Behalf Of
Dave Thompson
Sent: Wednesday, January 21, 2015 11:21 PM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] HMAC-MD5 OpenSSL 1.0.1e and FIPS 2.0.7
> From: openssl-users On Behalf Of Dr. Stephen Henson
> Sent: Wednesday, January 21, 2015 09:28
> On Wed, Jan 21, 2015,
> From: openssl-users On Behalf Of Dr. Stephen Henson
> Sent: Wednesday, January 21, 2015 09:28
> On Wed, Jan 21, 2015, John Laundree wrote:
>
> > Ok, so I will naively ask the question "How does one do TLS 1.0/1.1 in
FIPS
> mode? Or is this no longer allowed, i.e. TLS 1.2 only?"
>
> The use of
On Tue, Jan 20, 2015, John Laundree wrote:
> I want to use code like the following while in FIPS mode
>
> const EVP_MD *md
> md = EVP_md5();
>
> so I can call HMAC()
>
> unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
> cons
On Wed, Jan 21, 2015, John Laundree wrote:
>
> Ok, so I will naively ask the question "How does one do TLS 1.0/1.1 in FIPS
> mode? Or is this no longer allowed, i.e. TLS 1.2 only?"
>
The use of MD5 for TLS 1.0/1.1 is treated as an exception which is allowed in
FIPS mode but general MD5 use is
4:10 PM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] HMAC-MD5 OpenSSL 1.0.1e and FIPS 2.0.7
Not possible; MD5 is not a legal FIPS digest.
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/ope
Not possible; MD5 is not a legal FIPS digest.
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
I want to use code like the following while in FIPS mode
const EVP_MD *md
md = EVP_md5();
so I can call HMAC()
unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
const unsigned char *d, size_t n,
unsigned char *md,
